
86 matches found

Vulnrichment
added 2026/05/22 12:16 p.m., 5 views

CVE-2026-44930 Apache CXF: LDAP Injection vulnerability in XKMS LDAP Repository

An LDAP injection vulnerability in the LDAP Certificate repository of the XKMS server in Apache CXF may allow an attacker to retrieve arbitrary certificates from the repository. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.9 AI score | 0.0004 EPSS
Exploits: 0 | References: 1

CNNVD
added 2026/05/22 12:0 a.m., 7 views

Apache CXF Security Vulnerability

Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There is a security vulnerability in Apache CXF, which stems from an insecure XML parser...

5.3 CVSS | 5.9 AI score | 0.00167 EPSS
Exploits: 0 | References: 2

CNNVD
added 2026/05/22 12:0 a.m., 6 views

Apache CXF Security Vulnerability

Apache CXF is an open-source web service framework developed by the Apache Foundation in the United States. This framework supports various web service standards and multiple front-end programming APIs. There is a security vulnerability in Apache CXF, which stems from LDAP injection in the XKMS...

9.8 CVSS | 5.8 AI score | 0.0004 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/22 12:0 a.m., 8 views

PT-2026-42754

Insecure XML parser configuration in Apache CXF's WS-Transfer module may allow attackers to perform XXE attacks. Users are recommended to upgrade to versions 4.2.1, 4.1.6 or 3.6.11, which fix this issue...

5.3 CVSS | 5.7 AI score | 0.00167 EPSS
Exploits: 0 | References: 3

NVD
added 2026/05/19 2:16 p.m., 5 views

CVE-2026-47323

Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering. The CXF and Knative HeaderFilterStrategy implementations CxfRsHeaderFilterStrategy in camel-cxf-rest, CxfHeaderFilterStrategy in camel-cxf-transport, and KnativeHttpHeaderFilterStrategy in camel-knative-http only...

9.8 CVSS | 0.00085 EPSS
Exploits: 0 | References: 1

GithubExploit
added 2026/04/03 2:10 p.m., 262 views

Exploit for Server-Side Request Forgery in Apache Cxf

DevArea SOAP Exploitation Tool CVE-2022-46364 Descripti...

9.8 CVSS | 6.7 AI score | 0.00121 EPSS
Exploits: 5

RedHat Linux
added 2026/03/30 11:0 a.m., 7 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

9.8 CVSS | 6.9 AI score | 0.0044 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2026/03/18 1:19 p.m., 2 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

9.8 CVSS | 6.7 AI score | 0.0044 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2026/03/18 1:17 p.m., 5 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

9.8 CVSS | 6.7 AI score | 0.0044 EPSS
Exploits: 0 | References: 5

vulnersOsv
added 2026/01/07 6:30 p.m., 4 views

io.github.rzo1.org.apache.cxf:apache-cxf (=4.2.0-tomee-m0-071068f), io.github.rzo1.org.apache.cxf:cxf-distribution-javadoc (=4.2.0-tomee-m0-071068f) +9 more potentially affected by CVE-2025-12543 via io.undertow:undertow-core (=2.4.0.Alpha1)

io.undertow:undertow-core MAVEN version =2.4.0.Alpha1 is affected by a known vulnerability. The following packages have a transitive dependency on io.undertow:undertow-core and may be impacted: - io.github.rzo1.org.apache.cxf:apache-cxf =4.2.0-tomee-m0-071068f -...

9.6 CVSS | 7.3 AI score | 0.00031 EPSS
Exploits: 0

IBM Security Bulletins
added 2025/12/09 2:7 p.m., 9 views

Security Bulletin: IBM Guardium Data Protection is affected by a Apache/Tomcat Vulnerabilities related to cxf-core-3.5.10.jar vulnerability (CVE-2025-48913)

Summary: IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details: CVEID: CVE-2025-48913 DESCRIPTION: If untrusted users are allowed to configure JMS for Apache CXF, previously they could use RMI or LDAP URLs, potentially leading to code execution capabilitie...

9.8 CVSS | 7.5 AI score | 0.0044 EPSS
Exploits: 0 | Affected Software: 1

RedHat Linux
added 2025/10/02 5:38 p.m., 1 views

org.apache.cxf/cxf: CXF JMS Code Execution Vulnerability

A flaw was found in org.apache.cxf/cxf, where untrusted users can configure JMS to allow the specification of RMI or LDAP URLs, possibly leading to code execution. This vulnerability allows an attacker to provide malicious protocol URLs during JMS configuration...

9.8 CVSS | 5.9 AI score | 0.0044 EPSS
Exploits: 0 | References: 5

vulnersOsv
added 2025/08/08 12:32 p.m., 3 views

org.apache.cxf.systests:cxf-systests-jaxrs (>=4.0.0 <=4.0.11), org.apache.cxf.systests:cxf-systests-transport-jms (>=4.0.0 <=4.0.11) +15 more potentially affected by CVE-2025-48913 via org.apache.cxf:cxf-rt-transports-jms (>=4.0.0 <=4.0.8)

org.apache.cxf:cxf-rt-transports-jms MAVEN version =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =6.2.0.Final, =7.3.7.Final, =7.0.0.Final, =7.0.0.Final, =6.2.0.Final, =6.2.0.Final, =7.0.0.Final, =7.0.0.Final, =6.2.0.Final, =7.3.8.Final and more Source cves: CVE-2025-48913 Source advisor...

9.8 CVSS | 7.2 AI score | 0.0044 EPSS
Exploits: 0

Snyk
added 2025/08/08 12:32 p.m., 4 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the JMS configuration. An attacker with permissions to configure JMS for Apache CXF can achieve remote code execution by supplying malicious RMI or LDAP URLs in the configuration. Details...

9.8 CVSS | 8.1 AI score | 0.0044 EPSS
Exploits: 0 | References: 2

CNNVD
added 2025/08/08 12:0 a.m., 3 views

Apache CXF Security Vulnerability

Apache CXF is an open source Web services framework from the US Apache Foundation. The framework supports a variety of Web service standards, a variety of front-end programming APIs, and so on. A security vulnerability exists in Apache CXF that stems from allowing the use of RMI or LDAP UR...

9.8 CVSS | 7 AI score | 0.0044 EPSS
Exploits: 0 | References: 3

OSV
added 2025/07/15 3:31 p.m., 1 views

GHSA-36WV-V2QP-V4G4 Apache CXF is vulnerable to DoS attacks as entire files are read into memory and logged

Apache CXF stores large stream based messages as temporary files on the local filesystem. A bug was introduced which means that the entire temporary file is read into memory and then logged. An attacker might be able to exploit this to cause a denial of service attack by causing an out of memory...

5.6 CVSS | 6.7 AI score | 0.0031 EPSS
Exploits: 0 | References: 6

CNNVD
added 2025/07/15 12:0 a.m., 2 views

Apache CXF Resource Management Error Vulnerability

Apache CXF is an open source Web services framework from the US Apache Foundation. The framework supports a variety of Web service standards, a variety of front-end programming APIs and so on. A security vulnerability exists in Apache CXF that stems from improper handling of temporary file...

5.6 CVSS | 5 AI score | 0.0031 EPSS
Exploits: 0 | References: 6

RedHat Linux
added 2025/07/14 3:56 p.m., 1 views

org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service...

7.5 CVSS | 7 AI score | 0.00147 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2025/07/14 3:56 p.m., 6 views

org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service...

7.5 CVSS | 7 AI score | 0.00147 EPSS
Exploits: 0 | References: 5

RedHat Linux
added 2025/07/07 1:35 p.m., 1 views

org.apache.cxf: Apache CXF: Denial of Service vulnerability with temporary files

A flaw was found in Apache CXF. In some edge cases with large data stream caching, the CachedOutputStream instances may not be closed and, if backed by temporary files, may fill up the file system and trigger a denial of service...

7.5 CVSS | 7 AI score | 0.00147 EPSS
Exploits: 0 | References: 5